/* * Copyright (c) 2016-present, Facebook, Inc. * * This source code is licensed under the MIT license found in the * LICENSE file in the root directory of this source tree. */ package codetoanalyze.java.quandary; import com.facebook.infer.builtins.InferTaint; /** making sure the traces we report respect control-flow */ class FlowSensitivity { static class Obj { Object f; } static void callSink(Obj o) { InferTaint.inferSensitiveSink(o.f); } static void returnSource(Obj o) { o.f = InferTaint.inferSecretSource(); } static void interproceduralFlowSensitivityOk1(Obj o) { InferTaint.inferSensitiveSink(o.f); returnSource(o); } static void interproceduralFlowSensitivityOk2(Obj o) { callSink(o); o.f = InferTaint.inferSecretSource(); } static void interproceduralFlowSensitivityOk3(Obj o) { callSink(o); returnSource(o); } static void interproceduralFlowSensitivityBad(Obj o) { returnSource(o); callSink(o); } static void sourceAndSink(Obj o) { InferTaint.inferSensitiveSink(o.f); o.f = InferTaint.inferSecretSource(); } static void callSourceAndSinkOk(Obj o) { sourceAndSink(o); } static void callSourceAndSinkBad1(Obj o) { sourceAndSink(o); InferTaint.inferSensitiveSink(o.f); } static void callSourceAndSinkBad2(Obj o) { o.f = InferTaint.inferSecretSource(); sourceAndSink(o); } }